[GitHub] [knox] smolnar82 commented on a change in pull request #441: KNOX-2597 - Falling back to AliasBasedTokenStateService in case of DB configuration issues

Sun, 02 May 2021 11:28:39 -0700 


smolnar82 commented on a change in pull request #441:
URL: https://github.com/apache/knox/pull/441#discussion_r624735857



##########
File path: 
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
##########
@@ -207,6 +211,42 @@ public void init() throws AliasServiceException {
         log.noRenewersConfigured(topologyName);
       }
     }
+    setTokenStateServiceStatusMap();
+  }
+
+  private void setTokenStateServiceStatusMap() {
+    if (isServerManagedTokenStateEnabled()) {
+      tokenStateServiceStatusMap.put("tokenManagementEnabled", "true");
+      final GatewayConfig config = (GatewayConfig) 
request.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
+      final String configuredTokenStateServiceImpl = 
config.getServiceParameter(ServiceType.TOKEN_STATE_SERVICE.getShortName(), 
"impl");
+      final String configuredTokenServiceName = 
StringUtils.isBlank(configuredTokenStateServiceImpl) ? ""
+          : 
configuredTokenStateServiceImpl.substring(configuredTokenStateServiceImpl.lastIndexOf('.')
 + 1);
+      final String actualTokenStateServiceImpl = 
tokenStateService.getClass().getCanonicalName();
+      final String actualTokenServiceName = 
actualTokenStateServiceImpl.substring(actualTokenStateServiceImpl.lastIndexOf('.')
 + 1);
+      tokenStateServiceStatusMap.put("configuredTssBackend", 
configuredTokenServiceName);
+      tokenStateServiceStatusMap.put("actualTssBackend", 
actualTokenServiceName);
+      populateAllowedTokenStateBackendForTokenGenApp(actualTokenServiceName);
+    } else {
+      tokenStateServiceStatusMap.put("tokenManagementEnabled", "false");
+    }
+  }
+
+  private void populateAllowedTokenStateBackendForTokenGenApp(final String 
actualTokenServiceName) {
+    tokenStateServiceStatusMap.put("allowedTssForTokengen", "false");
+    final String allowedTssBackends = 
context.getInitParameter(TOKEN_EXP_TOKENGEN_ALLOWED_TSS_BACKENDS);
+    if (allowedTssBackends != null && !allowedTssBackends.isEmpty()) {
+      for (String allowedTssBackend : allowedTssBackends.split(",")) {
+        if (allowedTssBackend.trim().equals(actualTokenServiceName)) {
+          tokenStateServiceStatusMap.put("allowedTssForTokengen", "true");
+          break;
+        }
+      }
+    } else {
+      //as of now, we allow keystore and DB back-end for the tokengen 
application

Review comment:
       Going to make it clear.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to